Issue Description 问题描述
Customer configure radius service.After uplink connect to radius server is down,they found one issue.
There is a local user on device,When they login device using that user,they will be cut off by AAA and give below error:
Info: Receive a message from AAA of cutting user.
Alarm Information 报警信息
Info : Receive a message from AAA of cutting user.
Handling Process 处理过程
1、Check the configuration ,Customer use radius to provide authentication and accounting service.
aaa
authentication-scheme login
2、Analyze the service process,When user login device.first S5700 will try to send packet to radius server,If there is no reponse,S5700 will use local authentication ,But for accounting service,by default ,users cannot go online if accounting-start fails.That is why user is cut off by AAA module.Add below command and test it works fine.
accounting start-fail online
debugging aaa all
debugging radius all
debugging cm
仅做认证,无法下发权限,用户认证通过后,登陆设备,以super password自助提前实现授权。
在新版本下,设备无super password配置,所以无法实现用户需求的权限下发,非HW设备问题。
本地无法做计费,所以计费不用修改,但出现了异常提示认证失败,若不配置计费属性,用户可以正常的认证上线。
此处本地无授权功能,但是设备仍会运行计费进程,发现本地无法提供该属性。
解决方案:
accounting-scheme radius
accounting start-fail online